Sm_PolicyApi_SAMLProviderProp_t

Defines a SAML 2.0 metadata property as a name/value pair.
An Sm_PolicyApi_SAMLProviderProp_t structure consists of a single name/value pair. You define a set of properties for a given SAML 2.0 object through a linked list of Sm_PolicyApi_SAMLProviderProp_t structures.
Use the following structures and function to define a set of properties for a SAML 2.0 Service Provider, affiliation, or authentication scheme and associated Identity Provider:
  • Sm_PolicyApi_SAMLSP_t
  • Sm_PolicyApi_SAMLAffiliation_t
  • Sm_PolicyApi_AddSAMLScheme()
Syntax
typedef struct Sm_PolicyApi_SAMLProviderProp_s
{
int iStructId;
char pszName[BFSIZE];
char pszValue[BFSIZE];
struct Sm_PolicyApi_SAMLProviderProp_s *next;
} Sm_PolicyApi_SAMLProviderProp_t;
Field
Description
iStructId
SAML 2.0 properties structure ID, defined in Sm_PolicyApi_Structs_t.
pszName
The property name. See Property Lists for a list of valid property names.
pszValue
The value to assign to pszName.
next
Pointer to the next SAML 2.0 properties structure.
Example
The following is an example of a helper method that creates an instance of Sm_PolicyApi_SAMLProviderProp_t and assigns it the name/value pair that is passed into it:
#include <cstring>   // memset, strncpy

Sm_PolicyApi_SAMLProviderProp_t * CreateSAMLProp(
    const char *pszName, const char *pszValue)
{
    // Allocate and zero the structure so both strings start out NUL-terminated.
    Sm_PolicyApi_SAMLProviderProp_t * pProp = new Sm_PolicyApi_SAMLProviderProp_t;
    memset(pProp, 0, sizeof(Sm_PolicyApi_SAMLProviderProp_t));
    pProp->iStructId = Sm_PolicyApi_SAMLProviderProp_ID;
    // Copy at most BFSIZE-1 bytes: an overlong name or value is truncated
    // instead of filling the buffer and losing its terminator.
    strncpy(pProp->pszName, pszName, BFSIZE - 1);
    strncpy(pProp->pszValue, pszValue, BFSIZE - 1);
    return pProp;
}
The following is an example of a helper method that retrieves the value of the property whose name is passed into it:
char * FindSAMLParam(const Sm_PolicyApi_SAMLSP_t *pStructSP,
    const char *pszName)
{
    // Walk the Service Provider's property list until the name matches.
    for (Sm_PolicyApi_SAMLProviderProp_t *pCurProp = pStructSP->pProps;
         pCurProp != NULL;
         pCurProp = pCurProp->next)
    {
        if (0 == strcmp(pCurProp->pszName, pszName))
        {
            return pCurProp->pszValue;
        }
    }
    // Not found: callers must test for NULL before using the result.
    return NULL;
}
Property Lists
Each Sm_PolicyApi_SAMLProviderProp_t structure contains a SAML 2.0 metadata property defined as a name/value pair. A complete set of properties for a particular SAML 2.0 object is defined as a linked list of Sm_PolicyApi_SAMLProviderProp_t structures.
The following metadata properties apply to a given type of SAML 2.0 object:
  • Service Provider Properties
  • SAML Affiliation Properties
  • SAML 2.0 Authentication Scheme Properties
Some properties are used with multiple object types.
Service Provider Properties
A Service Provider object contains information that an Identity Provider needs to produce assertions for the Service Provider. Service Provider properties are stored within an Sm_PolicyApi_SAMLSP_t structure.
The properties of a SAML 2.0 Service Provider object are listed below. Properties are grouped according to the way they are presented on the SAML Service Provider Properties dialog box.
Property Name
Comments
General Properties
SAML_NAME
String, required.
SAML_DESCRIPTION
String.
SAML_SP_AUTHENTICATION_URL
String, required.
SAML_ENABLED
Boolean.
Default: SAML_TRUE.
SAML_SP_DOMAIN
String, required.
Name IDs Tab
SAML_SP_NAMEID_FORMAT
String.
Default: Unspecified.
SAML_SP_NAMEID_TYPE
Integer.
Default: 1.
SAML_SP_NAMEID_STATIC
String.
Required conditionally.
SAML_SP_NAMEID_ATTRNAME
String.
Required conditionally.
SAML_SP_NAMEID_DNSPEC
String.
Required conditionally.
SAML_AFFILIATION
String.
SAML_KEY_SPID
String, required.
SAML_MAJOR_VERSION
Integer.
Default: 2.
SAML_MINOR_VERSION
Integer.
Default: 0.
SAML_SKEWTIME
Integer.
Default: 30.
SAML_DISABLE_SIGNATURE_PROCESSING
Boolean.
Default: SAML_FALSE.
SAML_DSIG_VERINFO_ISSUER_DN
String.
Required conditionally.
SAML_DSIG_VERINFO_SERIAL_NUMBER
String.
Required conditionally.
SSO Properties
SAML_AUDIENCE
String, required.
SAML_SP_ASSERTION_CONSUMER_DEFAULT_URL
String, required.
SAML_ENABLE_SSO_ARTIFACT_BINDING
Boolean.
Default: SAML_FALSE.
SAML_SP_ARTIFACT_ENCODING
String.
Default: FORM. Applies if no value is provided and SAML_ENABLE_SSO_ARTIFACT_BINDING is SAML_TRUE.
SAML_SP_IDP_SOURCEID
String.
Default: A hex-encoded SHA-1 hash of the SAML_SP_IDPID value.
SAML_SP_PASSWORD
String.
Required conditionally.
SAML_ENABLE_SSO_POST_BINDING
Boolean.
Default: SAML_FALSE.
SAML_SSOECPPROFILE
Boolean.
Default: SAML_FALSE.
SAML_SP_REQUIRE_SIGNED_AUTHNREQUESTS
Boolean.
Default: SAML_FALSE.
SAML_SP_AUTHENTICATION_LEVEL
Integer.
Default: 5.
SAML_SP_AUTHN_CONTEXT_CLASS_REF
String.
Default: urn:oasis:names:tc:SAML:2.0:ac:classes:Password
SAML_SP_VALIDITY_DURATION
Integer.
Default: 60.
SAML_SP_STARTTIME
Long.
SAML_SP_ENDTIME
Long.
SLO Properties
SAML_SLO_REDIRECT_BINDING
Boolean.
Default: SAML_FALSE.
SAML_SLO_SERVICE_VALIDITY_DURATION
Integer.
Default: 60. Applies if no value is provided and SAML_SLO_REDIRECT_BINDING is SAML_TRUE.
SAML_SLO_SERVICE_URL
String.
Required conditionally.
SAML_SLO_SERVICE_RESPONSE_URL
String.
SAML_SLO_SERVICE_CONFIRM_URL
String.
IPD Properties
SAML_SP_ENABLE_IPD
Boolean.
Default: SAML_FALSE.
SAML_SP_IPD_SERVICE_URL
String.
Required conditionally.
SAML_SP_COMMON_DOMAIN
String.
Required conditionally.
SAML_SP_PERSISTENT_COOKIE
Boolean.
Default: SAML_FALSE.
Encryption Properties
SAML_SP_ENCRYPT_ID
Boolean.
Default: SAML_FALSE.
SAML_SP_ENCRYPT_ASSERTION
Boolean.
Default: SAML_FALSE.
SAML_SP_ENCRYPT_BLOCK_ALGO
String.
Default: tripledes.
SAML_SP_ENCRYPT_KEY_ALGO
String.
Default: rsa-v15.
SAML_SP_ENCRYPT_CERT_ISSUER_DN
String.
Required conditionally.
SAML_SP_ENCRYPT_CERT_SERIAL_NUMBER
String.
Required conditionally.
Attribute Service Properties
SAML_SP_ATTRSVS_ENABLE
Boolean.
Default: False (0).
SAML_SP_ATTRSVS_VALIDITY_DURATION
Integer.
Default: 60 (seconds).
SAML_SP_ATTRSVS_SIGN_ASSERTION
Boolean.
Default: False (0).
SAML_SP_ATTRSVS_LDAP_SEARCH_SPEC
String.
SAML_SP_ATTRSVS_ODBC_SEARCH_SPEC
String.
SAML_SP_ATTRSVS_WINNT_SEARCH_SPEC
String.
SAML_SP_ATTRSVS_CUSTOM_SEARCH_SPEC
String.
SAML_SP_ATTRSVS_AD_SEARCH_SPEC
String.
Advanced Properties
SAML_SP_PLUGIN_CLASS
String.
SAML_SP_PLUGIN_PARAMS
String.
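The following is an added example, not CA SDK code, that ties the helper methods in the Example section to the Service Provider property table above: it builds an Sm_PolicyApi_SAMLProviderProp_t list, looks names up, and audits the list for missing required properties and for signature processing being switched off. BFSIZE, the structure ID, and the spelling of the SAML_TRUE value are assumed stand-ins for the SDK's definitions.

```cpp
// Added example, not CA SDK code: stand-in struct, list builder, lookup, and audit.
#include <cstring>
#include <string>
#include <vector>
enum { BFSIZE = 256 };                          // assumed; the SDK header sets the real size
enum { Sm_PolicyApi_SAMLProviderProp_ID = 1 };  // placeholder for the SDK structure ID
#define SAML_TRUE "true"                        // assumed spelling of the SDK boolean value
typedef struct Sm_PolicyApi_SAMLProviderProp_s {
    int iStructId;
    char pszName[BFSIZE];
    char pszValue[BFSIZE];
    struct Sm_PolicyApi_SAMLProviderProp_s *next;
} Sm_PolicyApi_SAMLProviderProp_t;

// Prepend a name/value pair. Copying BFSIZE-1 bytes into zeroed storage keeps
// both strings NUL-terminated even when the input is longer than the buffer.
Sm_PolicyApi_SAMLProviderProp_t *AddSAMLProp(Sm_PolicyApi_SAMLProviderProp_t *head,
                                             const char *name, const char *value) {
    Sm_PolicyApi_SAMLProviderProp_t *p = new Sm_PolicyApi_SAMLProviderProp_t();
    p->iStructId = Sm_PolicyApi_SAMLProviderProp_ID;
    strncpy(p->pszName, name, BFSIZE - 1);
    strncpy(p->pszValue, value, BFSIZE - 1);
    p->next = head;
    return p;
}

const char *FindSAMLProp(const Sm_PolicyApi_SAMLProviderProp_t *head, const char *name) {
    for (; head != NULL; head = head->next)
        if (strcmp(head->pszName, name) == 0) return head->pszValue;
    return NULL;
}

void FreeSAMLProps(Sm_PolicyApi_SAMLProviderProp_t *head) {
    while (head) { Sm_PolicyApi_SAMLProviderProp_t *n = head->next; delete head; head = n; }
}

// Report required Service Provider properties that are absent (per the table above)
// and signature processing switched off, which would accept unsigned assertions.
std::vector<std::string> AuditSPProps(const Sm_PolicyApi_SAMLProviderProp_t *head) {
    static const char *const required[] = {"SAML_NAME", "SAML_SP_AUTHENTICATION_URL",
        "SAML_SP_DOMAIN", "SAML_KEY_SPID", "SAML_AUDIENCE",
        "SAML_SP_ASSERTION_CONSUMER_DEFAULT_URL"};
    std::vector<std::string> issues;
    for (const char *r : required)
        if (FindSAMLProp(head, r) == NULL) issues.push_back(std::string("missing ") + r);
    const char *sig = FindSAMLProp(head, "SAML_DISABLE_SIGNATURE_PROCESSING");
    if (sig != NULL && strcmp(sig, SAML_TRUE) == 0)
        issues.push_back("signature processing disabled");
    return issues;
}
```

Run the audit before handing the list to Sm_PolicyApi_AddSAMLScheme() or storing it in an Sm_PolicyApi_SAMLSP_t, and free the list with FreeSAMLProps when it is no longer needed.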
SAML Affiliation Properties
The properties of a SAML 2.0 affiliation object are listed below. Properties are grouped according to the way they are presented on the SAML Affiliation Properties dialog box.
SAML affiliation properties are stored within an Sm_PolicyApi_SAMLAffiliation_t structure.
Property Name
Comments
General Properties
SAML_NAME
String, required.
SAML_DESCRIPTION
String.
SAML_KEY_AFFILIATION_ID
String, required.
SAML_MAJOR_VERSION
Integer.
Default: 2.
SAML_MINOR_VERSION
Integer.
Default: 0.
SAML_OID
String. CA Single Sign-On supplies the object identifier when an affiliation object is created.
Name IDs Tab
SAML_SP_NAMEID_FORMAT
String.
Default: Unspecified.
SAML_SP_NAMEID_TYPE
Integer.
Default: 1.
SAML_SP_NAMEID_STATIC
String.
Required conditionally.
SAML_SP_NAMEID_ATTRNAME
String.
Required conditionally.
SAML_SP_NAMEID_DNSPEC
String.
Required conditionally.
Users Tab
SAML_IDP_XPATH
String.
SAML_IDP_LDAP_SEARCH_SPEC
String.
SAML_IDP_ODBC_SEARCH_SPEC
String.
SAML_IDP_WINNT_SEARCH_SPEC
String.
SAML_IDP_CUSTOM_SEARCH_SPEC
String.
SAML_IDP_AD_SEARCH_SPEC
String.
SAML 2.0 Authentication Scheme Properties
The properties listed in this section define:
  • Authentication schemes based on the SAML 2.0 Template.
  • Metadata properties of the associated Identity Provider. The properties are stored with the authentication scheme.
You define a SAML 2.0 authentication scheme to represent an Identity Provider for a particular Service Provider.
The properties of a SAML 2.0 authentication scheme and its associated Identity Provider are listed below. Properties are grouped according to the way they are presented on the SAML Authentication Scheme Properties dialog box for the SAML 2.0 Template.
You define properties for a SAML 2.0 authentication scheme and its associated Identity Provider by calling Sm_PolicyApi_AddSAMLScheme().
Property Name
Comments
General Properties
SAML_NAME
String, required.
SAML_DESCRIPTION
String.
Scheme Setup Tab
SAML_IDP_SPID
String, required.
SAML_KEY_IDPID
String, required.
SAML_MAJOR_VERSION
Integer.
Default: 2.
SAML_MINOR_VERSION
Integer.
Default: 0.
SAML_SKEWTIME
Integer.
Default: 30.
SAML_DISABLE_SIGNATURE_PROCESSING
Boolean.
Default: SAML_FALSE.
SAML_DSIG_VERINFO_ISSUER_DN
String.
Required conditionally.
SAML_DSIG_VERINFO_SERIAL_NUMBER
String.
Required conditionally.
Additional Configuration - Users Tab
SAML_IDP_XPATH
String.
SAML_IDP_LDAP_SEARCH_SPEC
String.
SAML_IDP_ODBC_SEARCH_SPEC
String.
SAML_IDP_WINNT_SEARCH_SPEC
String.
SAML_IDP_CUSTOM_SEARCH_SPEC
String.
SAML_IDP_AD_SEARCH_SPEC
String.
SAML_AFFILIATION
String.
Additional Configuration - SSO Tab
SAML_IDP_SSO_REDIRECT_MODE
Integer.
Default: 0.
SAML_IDP_SSO_DEFAULT_SERVICE
String, required.
SAML_AUDIENCE
String, required.
SAML_IDP_SSO_TARGET
String.
SAML_ENABLE_SSO_ARTIFACT_BINDING
Boolean.
Default: SAML_FALSE.
SAML_KEY_IDP_SOURCEID
String.
Default: A hex-encoded SHA-1 hash of the SAML_KEY_IDPID value.
SAML_IDP_ARTIFACT_RESOLUTION_DEFAULT_SERVICE
String.
Required conditionally.
SAML_IDP_BACKCHANNEL_AUTH_TYPE
Integer.
Default: 0.
SAML_IDP_SPNAME
String.
Required conditionally.
SAML_IDP_PASSWORD
String.
Required conditionally.
SAML_ENABLE_SSO_POST_BINDING
Boolean.
Default: SAML_FALSE.
SAML_IDP_SSO_ENFORCE_SINGLE_USE_POLICY
Boolean.
Default: SAML_TRUE.
SAML_SSOECPPROFILE
Boolean.
Default: SAML_FALSE.
SAML_IDP_SIGN_AUTHNREQUESTS
Boolean.
Default: SAML_FALSE.
Additional Configuration - SLO Tab
SAML_SLO_REDIRECT_BINDING
Boolean.
Default: SAML_FALSE.
SAML_SLO_SERVICE_VALIDITY_DURATION
Integer.
Default: 60. Applies if no value is provided and SAML_SLO_REDIRECT_BINDING is SAML_TRUE.
SAML_SLO_SERVICE_URL
String.
Required conditionally.
SAML_SLO_SERVICE_RESPONSE_URL
String.
SAML_SLO_SERVICE_CONFIRM_URL
String.
Additional Configuration - Encryption Tab
SAML_IDP_REQUIRE_ENCRYPTED_ASSERTION
Boolean.
Default: SAML_FALSE.
SAML_IDP_REQUIRE_ENCRYPTED_NAMEID
Boolean.
Default: SAML_FALSE.
Additional Configuration - Attributes Tab
SAML_IDP_SAMLREQ_ENABLE
Boolean.
Default: False (0).
SAML_IDP_SAMLREQ_REQUIRE_SIGNED_ASSERTION
Boolean.
Default: False (0).
SAML_IDP_SAMLREQ_ATTRIBUTE_SERVICE
String.
Additional Configuration - NameID Tab
SAML_IDP_SAMLREQ_NAMEID_FORMAT
String.
SAML_IDP_SAMLREQ_NAMEID_TYPE
Integer.
Default: 1 (User Attribute).
SAML_IDP_SAMLREQ_NAMEID_STATIC
String.
SAML_IDP_SAMLREQ_NAMEID_ATTR_NAME
String.
SAML_IDP_SAMLREQ_NAMEID_DN_SPEC
String.
SAML_IDP_SAMLREQ_NAMEID_ALLOW_NESTED
Boolean.
Default: False (0).
Additional Configuration - Advanced Tab
SAML_SP_PLUGIN_CLASS
String.
SAML_SP_PLUGIN_PARAMS
String.
SAML_IDP_REDIRECT_URL_USER_NOT_FOUND
String.
SAML_IDP_REDIRECT_MODE_USER_NOT_FOUND
Integer.
Default: 0.
SAML_IDP_REDIRECT_URL_FAILURE
String.
SAML_IDP_REDIRECT_MODE_FAILURE
Integer.
Default: 0.
SAML_IDP_REDIRECT_URL_INVALID
String.
SAML_IDP_REDIRECT_MODE_INVALID
Integer.
Default: 0.